""" Food items endpoints """ from typing import Any, List, Optional from fastapi import APIRouter, Depends, HTTPException, status from sqlalchemy.orm import Session from app import models, schemas, services from app.core.deps import get_current_active_superuser, get_current_active_user from app.db.session import get_db router = APIRouter() @router.get("/", response_model=List[schemas.Food]) def read_foods( db: Session = Depends(get_db), skip: int = 0, limit: int = 100, name: Optional[str] = None, current_user: models.User = Depends(get_current_active_user), ) -> Any: """ Retrieve food items. Supports filtering by name. """ foods = services.food.get_multi(db, skip=skip, limit=limit, name_filter=name) return foods @router.post("/", response_model=schemas.Food) def create_food( *, db: Session = Depends(get_db), food_in: schemas.FoodCreate, current_user: models.User = Depends(get_current_active_user), ) -> Any: """ Create new food item. """ # Set is_verified to False for user-created foods, unless user is superuser if not current_user.is_superuser: food_in.is_verified = False food = services.food.create( db=db, obj_in=food_in, created_by_id=current_user.id ) return food @router.get("/my-foods", response_model=List[schemas.Food]) def read_user_foods( db: Session = Depends(get_db), skip: int = 0, limit: int = 100, current_user: models.User = Depends(get_current_active_user), ) -> Any: """ Retrieve food items created by the current user. """ foods = services.food.get_multi_by_user( db=db, user_id=current_user.id, skip=skip, limit=limit ) return foods @router.get("/{food_id}", response_model=schemas.Food) def read_food( *, db: Session = Depends(get_db), food_id: int, current_user: models.User = Depends(get_current_active_user), ) -> Any: """ Get food item by ID. """ food = services.food.get(db=db, food_id=food_id) if not food: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail="Food item not found", ) return food @router.put("/{food_id}", response_model=schemas.Food) def update_food( *, db: Session = Depends(get_db), food_id: int, food_in: schemas.FoodUpdate, current_user: models.User = Depends(get_current_active_user), ) -> Any: """ Update a food item. """ food = services.food.get(db=db, food_id=food_id) if not food: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail="Food item not found", ) # Only allow update if user is superuser or the creator of the food item if not current_user.is_superuser and food.created_by_id != current_user.id: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions", ) # Regular users cannot mark items as verified if not current_user.is_superuser and food_in.is_verified: food_in.is_verified = False food = services.food.update(db=db, db_obj=food, obj_in=food_in) return food @router.delete("/{food_id}", response_model=schemas.Food) def delete_food( *, db: Session = Depends(get_db), food_id: int, current_user: models.User = Depends(get_current_active_user), ) -> Any: """ Delete a food item. """ food = services.food.get(db=db, food_id=food_id) if not food: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail="Food item not found", ) # Only allow deletion if user is superuser or the creator of the food item if not current_user.is_superuser and food.created_by_id != current_user.id: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions", ) food = services.food.delete(db=db, food_id=food_id) return food @router.post("/verify/{food_id}", response_model=schemas.Food) def verify_food( *, db: Session = Depends(get_db), food_id: int, current_user: models.User = Depends(get_current_active_superuser), ) -> Any: """ Verify a food item. Only superusers can verify food items. """ food = services.food.get(db=db, food_id=food_id) if not food: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail="Food item not found", ) food = services.food.update(db=db, db_obj=food, obj_in={"is_verified": True}) return food